If you won’t translate RDS profiles; I will!

Out of pure frustration with the fact that the Active Directory Migration Tool (ADMT) is unable (unwilling is my guess) to do security translation for users’ Remote Desktop Services (RDS) roaming profiles, I decided to take matters into my own hands and created the script below. It is not very refined just now, but I have a lot of ideas for future versions. In the meantime, if you can use it for something; great!

6 thoughts on “If you won’t translate RDS profiles; I will!”

Glad I found this site. We have numerous Terminal Servers we in a current major migration I’m working on. One question on this script: Do you run this after the server is migrated or before the server migration?

This script is not dependent on whether your terminal servers have been migrated or not. It works by looking at the root of the shared folder containing all your TS profiles. It then loops through them all replacing any occurence of “old domain” with “new domain”, using the same username. The effect being that if user1 had access to the profile; user1 now has the equivalent access. The only requirement here is that there is a trust between the old and new domains and that the server you are running the script from is able to contact a domain controller in both domains. Please not that this is something I whipped together late one night whilst very frustrated with ADMT! Although it will correctly translate your profiles, it could certainly need some more work to make it more generic. Anyway, hope it can help you some way!

I am currently in the process of migration on a new domain with ADMT and I am facing the RDS profiles translation problem right now.

I read your script and I have one interrogation:
In your script, you replace the ntfs rights and the users right in the registry;
Is there not anything else that need to be modified for a profile to work on an other user? Some file content or registry keys/values ?

No, changing the NTFS rights in the file system and the Registry rights inside the user’s hive is all that is required. I also have another post on this blog that goes into a bit more detail for how a profile can be transferred from one user to another, but the basic steps are the same.